ClioSport.net


Domain "regular user" rights



  Rav4
Hi guys,

Just wondering how you go about this,

By default, all the users are locked down through the default domain policy, so they can't re-start services and simple things such as that.

Do you guys have them this locked down, or do you give them certain rights? Some people just add the domain user to the local administrator group, but that's awful practice for all users.

Any info appreciated :)
 

Cookie

ClioSport Club Member
We have them more locked down than that

Some users can't even shut their own machines down, can't use anything in CP, can't even change the time on the clock.

It's ridiculously f**king overkill, and annoying to treat all users like naughty children
 
  Cupra
Ours are locked down completely. But they have proven time and time again that they can't be trusted so it all went.

No personalisation possible, standard policy across the board = people working and not f**king about.

That said, there is still one guy who spent nearly an hour googling for ways around Surfcontrol the other week. lol
 
  182
Hi guys,

Just wondering how you go about this,

By default, all the users are locked down through the default domain policy, so they can't re-start services and simple things such as that.

Do you guys have them this locked down, or do you give them certain rights? Some people just add the domain user to the local administrator group, but that's awful practice for all users.

Any info appreciated :)

Depends on the company/situation, but we do this. Easier and less hassle in the long run.

The users have to agree to an IT Policy that states they can't f**k about with the machine; if they do they get bollocked. And it's only their own machine they use or mess up, so it only affects them in the long run.
 
  Rav4
MMMMMMMMMmmmmmmmmmmmmmm cool.

I am messing around with Spiceworks, just having issues with getting data off some machines.

Think it's linked with the RPC error and so on from before,

When Spiceworks can't connect to a computer, it returns this error. This could be because of WMI or it could be a couple of other things.
Sometimes the most obvious explanation is the right one. Maybe the computer is just not online. If this is the case, you're obviously not going to be able to connect through WMI. Check that the computer is online by trying to ping the remote machine, or by using a command-line or GUI tool.
You might not have administrator rights on the remote computer. It could be possible that the account you are using to access the remote machine is a "regular" user account and not an administrator account.

It's possible to be granted access to WMI namespace even if you aren't a local administrator.
You can check this by right-clicking the My Computer icon and clicking on Manage. Select Services and Applications, right-click WMI Control and select Properties. You can then find the information you're looking for in the Security tab.

A firewall could be blocking your access to the remote computer. WMI uses DCOM and RPC (Remote Procedure Call) protocols to communicate across your network. Many firewalls block these protocols by default. Every firewall has a different method to change what gets through. Check out this link for some tips.
The WMI versions of the remote computer and your computer may be incompatible. If the computer you are using is running Windows XP or Server 2003 (or later), this shouldn't be an issue. However, if you are using an older version of Windows, such as Windows 2000 SP1, you might not be able to communicate with a newer operating system without an upgrade.
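
The checks listed in the quoted Spiceworks text above (machine offline, firewall blocking RPC, account lacking rights) can be triaged in one pass. This is an added example, not part of the original post or of Spiceworks; it assumes Windows PowerShell 5.1 on the scanning host, run under the scan account, and the computer names are placeholders.

```powershell
# Added example: triage the common causes of a failed remote WMI scan.
# Computer names passed in are placeholders chosen for illustration.
function Test-WmiReachability {
    param([Parameter(Mandatory)][string]$ComputerName)

    $result = [ordered]@{
        Computer = $ComputerName
        Online   = $false
        Rpc135   = $false
        WmiQuery = 'not attempted'
    }

    # Cause: the machine is simply offline (note ICMP itself may be filtered).
    $result.Online = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet

    # Cause: a firewall blocks RPC. TCP 135 is the RPC endpoint mapper DCOM contacts first.
    $probe = Test-NetConnection -ComputerName $ComputerName -Port 135 -WarningAction SilentlyContinue
    $result.Rpc135 = $probe.TcpTestSucceeded

    if ($result.Rpc135) {
        try {
            # Get-WmiObject uses DCOM/RPC, the transport the quoted text describes.
            $os = Get-WmiObject -Class Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
            $result.WmiQuery = "ok ($($os.Caption))"
        }
        catch [System.UnauthorizedAccessException] {
            # Cause: the account has neither local admin nor WMI namespace permission.
            $result.WmiQuery = 'access denied'
        }
        catch [System.Runtime.InteropServices.COMException] {
            # Usually "RPC server is unavailable": dynamic RPC ports filtered beyond 135.
            $result.WmiQuery = 'RPC failure: {0}' -f $_.Exception.Message
        }
        catch {
            $result.WmiQuery = 'error: {0}' -f $_.Exception.Message
        }
    }
    [pscustomobject]$result
}

# Placeholder host names; replace with the machines the scan could not reach.
'PC-EXAMPLE-01', 'PC-EXAMPLE-02' |
    ForEach-Object { Test-WmiReachability -ComputerName $_ } |
    Format-Table -AutoSize
```

An "access denied" result with port 135 open points at account rights rather than the network, which is the case where a WMI namespace permission can be granted instead of local administrator membership.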
 
For my users I lock certain things down, but some are local admin due to the software they run and stuff they need to do.

But they all sign a policy doc that tells them they can't install stuff or mess around for fear of the sack.
 

Darren S

ClioSport Club Member
Ours are locked down completely. But they have proven time and time again that they can't be trusted so it all went.

No personalisation possible, standard policy across the board = people working and not f**king about.

That said, there is still one guy who spent nearly an hour googling for ways around Surfcontrol the other week. lol

I'm with Andy on this one. Give them an inch and they will take a mile. They have no comprehension of the knock-on effects of their actions on either their own PC or the network as a whole.

Wallpapers were the first to go for a start. Us IT bods can put whatever we want on ours, but we don't as that's just taking the piss. "Do as I say and not as I do" - not a good way to earn respect. ;)

D.
 
  Rav4
Domain admins do have rights.

Some programs do require higher rights, however, I don't want to give them local administrator rights for the regular users.

What would be the best way to give users those "higher rights" without being a local admin? Could just create a power users group and add them to that, I suppose.
 
  DCi
We have default settings here pretty much, but it's a tiny company and all the staff are middle aged women who are too scared to push any buttons.

There was one girl, in a different office to the one I work in, that had installed tons of crap on her computer, but we don't really have anything in place to limit users' rights here so I just left her to it; she never asked for much help anyway.

Although when it came to redundancy time she was off and she managed to get the computer in her package (the boss said yes to anything to make sure she went LOL), but what she didn't realise is I did a quick format of C:\ before she left as she can't have our licenses (Windows, Office, some Adobe software etc).

She was a bit gutted as she just really wanted the software. She keeps asking me where she might be able to download stuff and I just keep deleting hehe
 
  Nissan 350z
Hi guys,

Just wondering how you go about this,

By default, all the users are locked down through the default domain policy, so they can't re-start services and simple things such as that.

Do you guys have them this locked down, or do you give them certain rights? Some people just add the domain user to the local administrator group, but that's awful practice for all users.

Any info appreciated :)

If you lock users down by Group Policy on the domain then it applies to everyone, which is how we do it. If the users want something doing that requires rights then they use us Desktop Engineers who have Domain Admin. If you start giving control to the users then you are undermining the need to have paid Desktop support.
 

